I've been searching for hours for a solution and either I can't find the right words to describe what I need in the search engines, or I'm just bad at finding things.

Here's the situation:
I'm currently making a website and I have a section where visitors can post messages, kind of like a "guestbook". However, I want to limit an IP address to 2 posts per day. I thought it'd be easy at first, just insert the IP address, date, and time along with all the other data into the mysql table and then do a comparison of the times and dates from each ip. Something like that.... Then as I got to working on it, so many questions came to mind. How would I compare the entries if the IP has posted more than 2 messages over a number of days? How would you even start comparing the date and time accurately? What's the best time and date format for comparison? Is there a better way such as self expiring data that you can compare to? And so on.. Sorry if this seems like such a simple task but I am having a hard time finding the answers. Tried googling everything such as "mysql php time limit", "php mysql prevent spam timer", "php mysql timer like megavideo" etc.

Just to clarify, I need a good method for preventing a visitor from posting more than 2 message per day. This is a "guestbook" kind of thing so any visitor can post. No logins.

Is two posts per day "two posts in a 24 hour interval" or "two post on the same date" - meaning can you post two messages at 23:59 server time, and then two more at 00:01 ? Your answers below reflect posts in a 24 hr interval, mostly.
–
cairnzApr 28 '11 at 11:37

If you record in your database the IP on every post, you can check if it has posted more than 2 times in the last X days with a query counting the number of records with that IP in the last X days, something like this:

Stylistically, I don't think a trigger would be the right way to do this - unless you are a database wizard, triggers can be very hard to understand and debug, and I've seen teams struggle with unexplained behaviour for days because nobody remembered that a trigger was set up on a table, and firing in a way that wasn't expected...
–
Neville KApr 28 '11 at 10:22

Hey thanks for your reply. I am still fairly new at mysql and php and I haven't yet learned about triggers. I'll study your code and give it a try. Thank you very much!
–
PseudosudoApr 28 '11 at 10:34

You could implement this simply with cookies. Anyone determined enough to get round the posting limit would be able to get round an IP block anyway, since proxies and dynamic IPs make it really easy. So blocking by cookie or by IP are about as useful as each other (not especially), but cookies are easier to implement:

If you store a counter in the cookie and set the expiry date to be 24 hours in the future.
You can then increment the counter when the user posts an entry, and simply check the counter to see if they've reached their limit.

That way you don't have to worry about mucking about with a database and any performance issues it can introduce.

Building upon Neville K's captcha point. If spam is your main concern, try out a negative captcha - it doesn't impact the user's experience since they never see it.

You've already got plenty of reasonable looking answers, so I won't add anything to that - but I do think you need to be careful using IP address as the unique identifier of the visitor. It's not a reliable way of identifying users - for instance, most people within a single company/university/government installation will appear to come from the same IP address, so this implementation would limit everyone within that structure to 2 posts per day.

The best way of avoiding spam is to include CAPTCHA - it's a pain in the backside for users, but it reliably foils robots; unless your site is super high value, spammers won't be motivated enough to have human beings post spam.

Hey thanks for the reply! I have implemented a simple captcha system where I keep an array of questions and answers in a php file and then I compare them after the form submit with ajax. My goal is to just limit some chatty visitors from spamming. Thanks for your concern!
–
PseudosudoApr 28 '11 at 10:27